code review of modules in lib/core directory

lib/controller/controller.py

@@ -168,7 +168,6 @@ def start():
             conf.method = targetMethod
             conf.data   = targetData
             conf.cookie = targetCookie
-            injData     = []
 
             initTargetEnv()
             parseTargetUrl()

lib/core/common.py

@@ -20,14 +20,12 @@ import time
 import urlparse
 import ntpath
 import posixpath
-import subprocess
 import httplib
 
 from ConfigParser import DEFAULTSECT
 from ConfigParser import RawConfigParser
 from StringIO import StringIO
 from difflib import SequenceMatcher
-from inspect import getmembers
 from math import sqrt
 from subprocess import PIPE
 from subprocess import Popen as execute
@@ -142,7 +140,7 @@ def paramToDict(place, parameters=None):
     if conf.parameters.has_key(place) and not parameters:
         parameters = conf.parameters[place]
 
-    if place is not "POSTxml":
+    if place != "POSTxml":
         parameters = parameters.replace(", ", ",")
 
         if place == PLACE.COOKIE:
@@ -1164,7 +1162,7 @@ def decloakToNamedTemporaryFile(filepath, name=None):
     def __del__():
         try:
             if hasattr(retVal, 'old_name'):
-                retVal.name = old_name
+                retVal.name = retVal.old_name
             retVal.close()
         except OSError:
             pass
@@ -1242,7 +1240,7 @@ def getConsoleWidth(default=80):
     if 'COLUMNS' in os.environ and os.environ['COLUMNS'].isdigit():
         width = int(os.environ['COLUMNS'])
     else:
-        output=subprocess.Popen('stty size', shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE).stdout.read()
+        output=execute('stty size', shell=True, stdout=PIPE, stderr=PIPE).stdout.read()
         items = output.split()
 
         if len(items) == 2 and items[1].isdigit():
@@ -1694,7 +1692,7 @@ def getPublicTypeMembers(type_, onlyValues=False):
 
     retVal = []
 
-    for name, value in getmembers(type_):
+    for name, value in inspect.getmembers(type_):
         if not name.startswith('__'):
             if not onlyValues:
                 retVal.append((name, value))
@@ -2094,7 +2092,7 @@ def openFile(filename, mode='r'):
 
     try:
         return codecs.open(filename, mode, conf.dataEncoding)
-    except IOError, e:
+    except IOError:
         errMsg = "there has been a file opening error for filename '%s'. " % filename
         errMsg += "Please check %s permissions on a file " % ("write" if mode and\
           ('w' in mode or 'a' in mode or '+' in mode) else "read")

lib/core/convert.py

@@ -20,80 +20,80 @@ import urllib
 
 from lib.core.data import conf
 
-def base64decode(string):
+def base64decode(value):
-    return string.decode("base64")
+    return value.decode("base64")
 
-def base64encode(string):
+def base64encode(value):
-    return string.encode("base64")[:-1].replace("\n", "")
+    return value.encode("base64")[:-1].replace("\n", "")
 
-def base64pickle(string):
+def base64pickle(value):
-    return base64encode(pickle.dumps(string))
+    return base64encode(pickle.dumps(value))
 
-def base64unpickle(string):
+def base64unpickle(value):
-    return pickle.loads(base64decode(string))
+    return pickle.loads(base64decode(value))
 
-def hexdecode(string):
+def hexdecode(value):
-    string = string.lower()
+    value = value.lower()
 
-    if string.startswith("0x"):
+    if value.startswith("0x"):
-        string = string[2:]
+        value = value[2:]
 
-    return string.decode("hex")
+    return value.decode("hex")
 
-def hexencode(string):
+def hexencode(value):
-    return string.encode("hex")
+    return value.encode("hex")
 
-def md5hash(string):
+def md5hash(value):
     if sys.modules.has_key('hashlib'):
-        return hashlib.md5(string).hexdigest()
+        return hashlib.md5(value).hexdigest()
     else:
-        return md5.new(string).hexdigest()
+        return md5.new(value).hexdigest()
 
-def orddecode(string):
+def orddecode(value):
-    packedString = struct.pack("!"+"I" * len(string), *string)
+    packedString = struct.pack("!"+"I" * len(value), *value)
     return "".join([chr(char) for char in struct.unpack("!"+"I"*(len(packedString)/4), packedString)])
 
-def ordencode(string):
+def ordencode(value):
-    return tuple([ord(char) for char in string])
+    return tuple([ord(char) for char in value])
 
-def sha1hash(string):
+def sha1hash(value):
     if sys.modules.has_key('hashlib'):
-        return hashlib.sha1(string).hexdigest()
+        return hashlib.sha1(value).hexdigest()
     else:
-        return sha.new(string).hexdigest()
+        return sha.new(value).hexdigest()
 
-def urldecode(string):
+def urldecode(value):
     result = None
 
-    if string:
+    if value:
-        result = urllib.unquote_plus(string)
+        result = urllib.unquote_plus(value)
 
     return result
 
-def urlencode(string, safe=":/?%&=", convall=False):
+def urlencode(value, safe=":/?%&=", convall=False):
     if conf.direct or "POSTxml" in conf.paramDict:
-        return string
+        return value
 
     result = None
 
-    if string is None:
+    if value is None:
         return result
 
     if convall:
-        result = urllib.quote(utf8encode(string)) # Reference: http://old.nabble.com/Re:-Problem:-neither-urllib2.quote-nor-urllib.quote-encode-the--unicode-strings-arguments-p19823144.html
+        result = urllib.quote(utf8encode(value)) # Reference: http://old.nabble.com/Re:-Problem:-neither-urllib2.quote-nor-urllib.quote-encode-the--unicode-strings-arguments-p19823144.html
     else:
-        result = urllib.quote(utf8encode(string), safe)
+        result = urllib.quote(utf8encode(value), safe)
 
     return result
 
-def utf8encode(string):
+def utf8encode(value):
-    return string.encode("utf-8")
+    return value.encode("utf-8")
 
-def utf8decode(string):
+def utf8decode(value):
-    return string.decode("utf-8")
+    return value.decode("utf-8")
 
-def htmlescape(string):
+def htmlescape(value):
-    return string.replace('&', '&amp;').replace('<', '&lt;').replace('>', '&gt;').replace('"', '&quot;').replace("'", '&#39;').replace(' ', '&nbsp;')
+    return value.replace('&', '&amp;').replace('<', '&lt;').replace('>', '&gt;').replace('"', '&quot;').replace("'", '&#39;').replace(' ', '&nbsp;')
 
-def htmlunescape(string):
+def htmlunescape(value):
-    return string.replace('&amp;', '&').replace('&lt;', '<').replace('&gt;', '>').replace('&quot;', '"').replace('&#39;', "'").replace('&nbsp;', ' ')
+    return value.replace('&amp;', '&').replace('&lt;', '<').replace('&gt;', '>').replace('&quot;', '"').replace('&#39;', "'").replace('&nbsp;', ' ')

lib/core/dump.py

@@ -291,7 +291,7 @@ class Dump:
                             if re.search("^[\ *]*$", value): #NULL
                                 continue
 
-                            temp = int(value)
+                            _ = int(value)
                         except ValueError:
                             colType = None
                             break
@@ -304,7 +304,7 @@ class Dump:
                                 if re.search("^[\ *]*$", value): #NULL
                                     continue
 
-                                temp = float(value)
+                                _ = float(value)
                             except ValueError:
                                 colType = None
                                 break

lib/core/readlineng.py

@@ -7,50 +7,44 @@ Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
 See the file 'doc/COPYING' for copying permission
 """
 
-import sys
-
 from lib.core.data import logger
 from lib.core.settings import IS_WIN
 from lib.core.settings import PLATFORM
 
-try:
+_readline = None
-    from readline import *
-    import readline as _rl
 
-    haveReadline = True
+try:
+    import readline as _readline
 except ImportError:
     try:
-        from pyreadline import *
+        import pyreadline as _readline
-        import pyreadline as _rl
-
-        haveReadline = True
     except ImportError:
-        haveReadline = False
+        pass
 
-if IS_WIN and haveReadline:
+if IS_WIN and _readline:
     try:
-        _outputfile=_rl.GetOutputFile()
+        _outputfile = _readline.GetOutputFile()
     except AttributeError:
-        debugMsg  = "Failed GetOutputFile when using platform's "
+        debugMsg = "Failed GetOutputFile when using platform's "
         debugMsg += "readline library"
         logger.debug(debugMsg)
 
-        haveReadline = False
+        _readline = None
 
 # Test to see if libedit is being used instead of GNU readline.
 # Thanks to Boyd Waters for this patch.
 uses_libedit = False
 
-if PLATFORM == 'mac' and haveReadline:
+if PLATFORM == 'mac' and _readline:
     import commands
 
-    (status, result) = commands.getstatusoutput( "otool -L %s | grep libedit" % _rl.__file__ )
+    (status, result) = commands.getstatusoutput( "otool -L %s | grep libedit" % _readline.__file__ )
 
     if status == 0 and len(result) > 0:
         # We are bound to libedit - new in Leopard
-        _rl.parse_and_bind("bind ^I rl_complete")
+        _readline.parse_and_bind("bind ^I rl_complete")
 
-        debugMsg  = "Leopard libedit detected when using platform's "
+        debugMsg = "Leopard libedit detected when using platform's "
         debugMsg += "readline library"
         logger.debug(debugMsg)
 
@@ -61,11 +55,11 @@ if PLATFORM == 'mac' and haveReadline:
 # existence.  Some known platforms actually don't have it.  This thread:
 # http://mail.python.org/pipermail/python-dev/2003-August/037845.html
 # has the original discussion.
-if haveReadline:
+if _readline:
     try:
-        _rl.clear_history
+        _readline.clear_history()
     except AttributeError:
         def clear_history():
             pass
 
-        _rl.clear_history = clear_history
+        _readline.clear_history = clear_history

lib/core/testing.py

@@ -141,7 +141,7 @@ def liveTest():
         count += 1
         msg = "running live test case '%s' (%d/%d)" % (name, count, length)
         logger.info(msg)
-        result = runCase(name, switches, log, session)
+        result = runCase(switches, log, session)
         if result:
             logger.info("test passed")
         else:
@@ -180,7 +180,7 @@ def cleanCase():
     conf.verbose = 1
     __setVerbosity()
 
-def runCase(name=None, switches=None, log=None, session=None):
+def runCase(switches=None, log=None, session=None):
     retVal = True
     initCase(switches)
 

lib/core/update.py

@@ -13,10 +13,8 @@ import os
 import re
 import shutil
 import sys
-import tempfile
 import time
 import urlparse
-import zipfile
 
 from distutils.dir_util import mkpath
 from xml.dom.minidom import Document

lib/core/xmldump.py

@@ -415,7 +415,7 @@ class XMLDump:
 
         logger.info("Table '%s.%s' dumped to XML file" % (db, table))
 
-    def dbColumns(self, dbColumns, colConsider, dbs):
+    def dbColumns(self, dbColumns, _, dbs):
         '''
         Adds information about the columns
         '''
@@ -496,7 +496,7 @@ class XMLDump:
                     self.__root.setAttributeNode(self.__createAttribute(XMLNS_ATTR,NAME_SPACE_ATTR))
                     self.__root.setAttributeNode(self.__createAttribute(SCHEME_NAME_ATTR,SCHEME_NAME))
                     self.__doc.appendChild(self.__root)
-            except IOError, e:
+            except IOError:
                 raise sqlmapFilePathException("Wrong filename provided for saving the xml file: %s" % conf.xmlFile)
 
     def getOutputFile(self):

sqlmap.py

@@ -20,7 +20,7 @@ try:
     import psyco
     psyco.full()
     psyco.profile()
-except ImportError, _:
+except ImportError:
     pass
 
 from lib.controller.controller import start